Windows
Analysis Report
239492.pdf
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64_ra
- Acrobat.exe (PID: 6656 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\239492.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
- AcroCEF.exe (PID: 2940 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- AcroCEF.exe (PID: 4988 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1628 --field-trial-handle=1568,i,592014452895726784,4519843502274583726,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
- cleanup
There are no malicious signatures.
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Process information set: |
Source: | Process information queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
x1.i.lencr.org | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
93.184.221.240 | unknown | European Union | 15133 | EDGECASTUS | false |
2.23.197.184 | unknown | European Union | 1273 | CWVodafoneGroupPLCEU | false |
184.28.88.176 | unknown | United States | 16625 | AKAMAI-ASUS | false |
23.203.104.175 | unknown | United States | 16625 | AKAMAI-ASUS | false |
107.22.247.231 | unknown | United States | 14618 | AMAZON-AESUS | false |
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524389 |
Start date and time: | 2024-10-02 18:06:00 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | 239492.pdf |
Detection: | CLEAN |
Classification: | clean1.winPDF@21/33@3/67 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.88.176
- Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, fs.microsoft.com, ssl-delivery.adobe.com.edgekey.net, geo2.adobe.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: 239492.pdf
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\234f467b-4e52-486c-8678-f317518ac7ac.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 403 |
Entropy (8bit): | 4.953858338552356 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF678ecd.TMP (copy)
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4C313FE514B5F4E7E89329630909F8DC |
SHA1: | 916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56 |
SHA-256: | 1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873 |
SHA-512: | 1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bc6c9161-9ee2-4e4e-b6dd-3836945c6593.tmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 4.986125181176798 |
Encrypted: | false |
SSDEEP: | |
MD5: | BE9EB720E6BAF6E32C52747BC4A5D694 |
SHA1: | 7A2D7F99E210B66D76D7EC84261BD8E9C4232A98 |
SHA-256: | B7FF442CB0021A8195184983F85C813CDDC4AB56B83E6B56CD05C1BDC907BF56 |
SHA-512: | 88B17DB13E9DC294591C3C694B69E963C8F7BB8D51762B2B6F889427357012E1D2483F6D65D5E59F9CBB38922D0D16245627665EB79DD24332E8C0B8F6A2FECF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002160636Z-224.bmp
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71190 |
Entropy (8bit): | 0.9427926288089925 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7E28C97A626D21CC31306CF1167E3587 |
SHA1: | 19FCC8890271B6B38ADA72249A79C6B71821741E |
SHA-256: | BD94BD6954208A20A3C669C44C4732EA05A34F2B5ED0DCFA369BC1C29C98DCB0 |
SHA-512: | F830436C8646F2DD5A0960CD8D871EFDEDE1AFE945B76F5050BA59A919B4D8BA52FD9CCECF668BD716008AF9C010951660D2FCE9F28D4B4B20F3F60071F401EB |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57344 |
Entropy (8bit): | 3.291927920232006 |
Encrypted: | false |
SSDEEP: | |
MD5: | A4D5FECEFE05F21D6F81ACF4D9A788CF |
SHA1: | 1A9AC236C80F2A2809F7DE374072E2FCCA5A775C |
SHA-256: | 83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2 |
SHA-512: | FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16928 |
Entropy (8bit): | 1.2138579597003811 |
Encrypted: | false |
SSDEEP: | |
MD5: | 271A0FA7B3E7CB163CB431F0D14224E3 |
SHA1: | 622C70189B2978BE00621788549AB4B176F9499B |
SHA-256: | 694FDFC3BA197DF9BEA8AD43802A1A5C4F9C0304CAE890C602D5B51F0D9E7CC3 |
SHA-512: | FB88555BB4F7449A8FB3592A8D6C72530034683B9B623F6E9262ED1C829E5C7E7AA2359FEF935B21CFCFA394BEA83AF2CDDD442641E361D073233717BBA3104E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 71954 |
Entropy (8bit): | 7.996617769952133 |
Encrypted: | true |
SSDEEP: | |
MD5: | 49AEBF8CBD62D92AC215B2923FB1B9F5 |
SHA1: | 1723BE06719828DDA65AD804298D0431F6AFF976 |
SHA-256: | B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F |
SHA-512: | BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.7673182398396405 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5E9F6BDA187B5575F09EB8514BD61BC2 |
SHA1: | 50F4FE1F90129DFD87A9237FAACA173043D1D831 |
SHA-256: | 18D8A6408E8962CF0797B95E899F1A9BABCF8030E890BF5C1E523E29CD12F8BE |
SHA-512: | 15B8FF6885D2B718DB0F2F5CEA9CA66372DA516463F4695368D2886054EBEDD72D2C465FD163A6C721A47B8B9AA0E9AAAA83BC451E5B6402CC69AE668D1140A6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.144086598890895 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8BE032C4C0E3CFD613BF927A99DCE985 |
SHA1: | 9B939E2CEE1A71961B7DCFA8B1C09B66B45787EF |
SHA-256: | 36033CB07D9A510DADEA53F54FC9BB32DD90D0D2A6456251396A0382CB8A2FCC |
SHA-512: | 8F9ED9EE25A468B202A5C336A32F6A406DEDAEB95135F5B7D39958299371D8DA7AD578AA3F1CE76A25222267166C293EC6209DDD2F78EB392FEBCC7B58546C5D |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 5.378794512388448 |
Encrypted: | false |
SSDEEP: | |
MD5: | C02E28B46656B8CE676A5CB8FEB6A35C |
SHA1: | 7F7E81A85DE51E7737D604738ABBC7BAEA964E85 |
SHA-256: | 231E06A6E6A13BBF4D95EFC854566C9AF954462E788068BD975B8F9BAA198B6C |
SHA-512: | 8717A0108B16FE6D67B5C5944A868A76AA83F9F80DEE496A1D5BB0488C53B2597B3A5BC0DD0DA9199D6AF303F79B3EFBE1C27AF5785D73088938DB28E93745BF |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.3266145508140195 |
Encrypted: | false |
SSDEEP: | |
MD5: | 80E76D175043D49DB1C6A3F6DD08B449 |
SHA1: | 1997F24DCEA792FBFCB7E79C9E4DF1962F7336DA |
SHA-256: | 42BF2242458C66D232C4ABC2D6DBB371A786F5F7ED0CF31A6B5249F3A348E81E |
SHA-512: | D2A8BB9AC2C160646B0B345D2C8B448EB7CE3441A0C5E113ADFD91C1294B87F8FA2F059C4F2AB3BF1B9203D996658F6F317D76993CBCCF74CE3656D46FE55E6C |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 294 |
Entropy (8bit): | 5.305162867340025 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7D5E233E4414C0ADB24769858E48EA58 |
SHA1: | 95F87824FC765589E2EC07986CD82026969EAD82 |
SHA-256: | 7E4DEF95F7BFC41A838A3640D946F59B03ED5B0BF12EF79BCC9CABF2E441A3F3 |
SHA-512: | 95A5BD9670B74493B164BBD6501488D35E8A5B0381713F027E14C74773231B2C122696B2DDD1B5C53C2ABDDB30F658811D5FF8418E92ADEC7C478DF5A9DB5826 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285 |
Entropy (8bit): | 5.367716144149488 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4BB44CBFB8F53338087596BBBF6FAA4A |
SHA1: | FA2BD3094C339579E2659B27E57B503B2F42B777 |
SHA-256: | BB912F7983700EDADCB1B109BAD14D6C6DD3D41C73FD88A02AB6DF3FDC0F5DA7 |
SHA-512: | 23653E04319AFF4DB7A47EF0E7E5A8B397A6BA33000EB0736ADE063A017F8FF1B520F97614EA68AF8F7C93793D9BB31DD6CBE060BDD8FE6AA2DF7008A3599ED9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1063 |
Entropy (8bit): | 5.670103780006339 |
Encrypted: | false |
SSDEEP: | |
MD5: | C050634B57F89B54207112346197C73D |
SHA1: | 484AD3384B0E73CF9D7172B125EC13F253DD00B1 |
SHA-256: | 314E827EEEB0E73BE790EBC89C5FFCD4F696154CF0D172801F8AA3E45D4AAFEB |
SHA-512: | 56B26FCA255E824D43D22B7FCD23BC3138B426BED7F4FB87EEC1A8EBF5AC8E2F2F8864F56FBBAA08B892438A683AABA35D41BABC747638C240BD0492DA0DA451 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1050 |
Entropy (8bit): | 5.655287936589703 |
Encrypted: | false |
SSDEEP: | |
MD5: | 00F63C6444D2F6D30CF56719D3F52B66 |
SHA1: | 28AE80EA4F47452B28A49A83C7DBB4F40BE5F1B4 |
SHA-256: | 6A9D36F0959832957B187D0F2E2BD6585A854947467D191498183B1987679E5F |
SHA-512: | 1BDBBF08EE74C33A4F370E8ED774B3E32FA45BA19F0CA206B878B632F41FD87B883D6D58890D79125E9E632417DFAAD7D31145310BD68A3B1ACD2A9F2CF23159 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.318566275113058 |
Encrypted: | false |
SSDEEP: | |
MD5: | 28BEEC00E6334184450A59D33485201A |
SHA1: | 506E8DB1A75EA8473A6381DBBEEE2FD9355E7988 |
SHA-256: | 1154B1A2DD7030D9E9277E2BCC4FB1233D77E9DD30F7AC03F332A9FC1AE3F8AF |
SHA-512: | 36B147B1507E33B82BAB859DB006E54FD548BFA826D07A9D547F4693FB017AA04A856E3AF5D952D0C62C683E4A3550E7FA9D96A9D5BD114DA907BCB851F80879 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1038 |
Entropy (8bit): | 5.651227650420925 |
Encrypted: | false |
SSDEEP: | |
MD5: | 19745654199FBC008A709BC1B6E88B69 |
SHA1: | 7A7ADAEF852B4F16909E6A1055BEF32ACB892BFE |
SHA-256: | 299EA9B9896081074394140AE2CEE72DFDA19D12ED2995DFC8DFDB48DC3CBDEE |
SHA-512: | E1BA66FEC68263949721E4DC449614A1EC7E115DE8E4AC481EDCAD3A7AFE46C153B2021E6D957CEC72385054A64F4BB397DC2179F1E6ED96B4BCB312551502FD |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1164 |
Entropy (8bit): | 5.698649754856818 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8AEEBF62B2883923A8CD1DCAFF89E74D |
SHA1: | 0DB05AE6256BADB5A14B05745DFE782E3E9BD9C6 |
SHA-256: | CAA17C725F7F67F71418751EB0AE027B46C307B7E867239102AC618B2B163912 |
SHA-512: | E60E92C3EA49148F9DAD4F38695F8CDD695B817F0308015D8A4D94CD07E58525646FA55589E4CD1537A08081FA4209DC3911EC45AD1CE051CC0EE2F746BB7FCA |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 289 |
Entropy (8bit): | 5.322682106281105 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3C87E018AF940998C6FC91A7A67B93F4 |
SHA1: | 0FC8AD8E36B1BE3AC3CCA05D18E8F7DE459C679A |
SHA-256: | 96042FC1D8BE5F1D700CA12808667F70F7128C066261C9B76ADF68A33F2FEA48 |
SHA-512: | 24976FDF6C33DB737B2E97E5BCCCF587DE48D62D3B4DEF8BE5F551B6061BC1AEE0657521D372AAC8A58E53560D3B4C6A169C31CF7D445EA1A26F073591CF17FD |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1395 |
Entropy (8bit): | 5.7734471996270775 |
Encrypted: | false |
SSDEEP: | |
MD5: | 302241139B96605261EFEE7F124342BC |
SHA1: | CDFF172E423B9A9E6174B49F2DC00CC8D5ED0A0F |
SHA-256: | AD080EB60B95AA5F7DAD523887943FC68C8E2CE9644885CDE8735C336F850DCB |
SHA-512: | 668B02111D531932C0AAD0E8FF53EE7B6F7B17E523E956268DD80665C12F8991E1C768852406FD152420E243456C30A772959E86A89117D7DA01B88171E2B6AA |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 291 |
Entropy (8bit): | 5.306073313190149 |
Encrypted: | false |
SSDEEP: | |
MD5: | 0E04F5A6F4D2912032B2408D166104AE |
SHA1: | 7B3BC42FC6C3F136E01433237B8CCB192197D403 |
SHA-256: | 87621698CDD0197B7A2E49DD7FFE720076D7EDA98A5C4A0BF8D7A4FC4C0DCE3F |
SHA-512: | CA3BC13A5B2406524C42E08193D0623895FEED9FB4975CD877A747CBD9F48037A8E0B03A602EF8D6379604C83096B7576FA4052739E29040314B40943ED58880 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287 |
Entropy (8bit): | 5.309454207115856 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7005E2AD2A3A05CDFFC8CC6F29F34E0D |
SHA1: | 27D75DBCCFAA6EE95B02A565F686236C6BB63C18 |
SHA-256: | 66EAD7B63E21240E381F30143595B6FD9BA91812C4B3555B852FA17450D336DE |
SHA-512: | 16BC171187299B6C023DF97C5FE234E8734D08B054F9786BCAB8BC71911B5EBC415C8361ADEDED8D1E340220AB76114367C048870CF5E8630173E73E9FD22B6B |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1058 |
Entropy (8bit): | 5.656921160282672 |
Encrypted: | false |
SSDEEP: | |
MD5: | A024ACCCF1DB0A26BB9C3B0C612E961E |
SHA1: | 991DBF74FF031AAB156C7C2924E3E82CE9333706 |
SHA-256: | 0E636309DA1264165305B443938172E25C5802B145CB2B2F019E85923E3FE392 |
SHA-512: | 1D3E1A19089BA94B48BC789231D828D352302587D3AF94D12B8047CADF4AB2CF862EBD7A4A90AFB9679E72E98B7B6B5E8E6AA995ACB4D3FD16B5B705C4A8F76E |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 286 |
Entropy (8bit): | 5.286501066899328 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6159B63F18E39FEF0E0CC89D35844E2F |
SHA1: | A27C172EE22778095AB28C497A9F5295E3A2E8E7 |
SHA-256: | F3DB7E3139AC5E265077190700256432EAA8C96A3FDE62C566740CFE06B7EE40 |
SHA-512: | FF87C6F66F97B24D51A32180A56684D90740F97114F90B9ADB604853DE17C9F34F93B1211938A8183DA6C8C6CE9AD021988C342F33C02CA233E9AEEA5EC58B2F |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782 |
Entropy (8bit): | 5.371034457247179 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2EA93017304C4CDF863D017024E72A05 |
SHA1: | 5089157FB94CB70ABCEDDC3D0347CE508EE8119E |
SHA-256: | D65A73697FE1BDF94BF109F8A512CA523FF3250C8C5E7CC1CF09E63960EEE266 |
SHA-512: | 427084F415EE91ED0FF4E07A0025E9B8264BC59705ADC864AC45B80B4F4ABDB8A9B72CE38061126645D38DD5410CD2B818FFD2511546C19EA060BED0D8E574FF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | |
MD5: | DC84B0D741E5BEAE8070013ADDCC8C28 |
SHA1: | 802F4A6A20CBF157AAF6C4E07E4301578D5936A2 |
SHA-256: | 81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06 |
SHA-512: | 65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2818 |
Entropy (8bit): | 5.140743857484184 |
Encrypted: | false |
SSDEEP: | |
MD5: | 179B17DDA66BA3EFA01A83A66A5BFA8B |
SHA1: | 5800DF5DDF14196D0C42C8BECEF24FD462E44F37 |
SHA-256: | EE97DD39939188CDCBEF837A67188CFAA91370115EEECABB1D2B74DEC94A97F5 |
SHA-512: | 5041694DC3D2EE4832F06C4D85DAAB7116C50F002B02A9082C0CE43305DB3FC604C50DD04E70F37C61221FD2E5C330026FD2F03B0FC944AD835CDD690F4DA5C0 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 0.987743459931891 |
Encrypted: | false |
SSDEEP: | |
MD5: | 09FAA2BE47F779031EC0269C28E2A4F0 |
SHA1: | 5E9C7B2651745CF1C6DEEB8B7671D9559F4BCBEF |
SHA-256: | 8A5F358C5BC7449C3BA9BBBEF7019AD67DC1A5EBE298C922BD53FE041DB0B61E |
SHA-512: | 724F3509DF1549925649CA8B462B886AEA7A3CA2A703C03E32293C7FAF48E101C0F933B6705F357B0F6FE849FA0C54B6EA06A7B28FE50A3E159A21F169166319 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 1.3447829084149776 |
Encrypted: | false |
SSDEEP: | |
MD5: | AB873329361C444F4CCB4D9B6440AE4D |
SHA1: | 97A090AEFD24E86AE2503A8558D717230EE5DCE7 |
SHA-256: | 58A8AD4DC31873A0284F21E5CCE281C7439063C399C8F8D4503FA72BEF1BA46D |
SHA-512: | 6CF61BB842907722C99450790D6C260397A7FD9F65D6689488197C0843AA37CBEEABA41BD8266AA1FE242D3897402111B9F027517ACB6C102964186B898B373A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.5193370621730837 |
Encrypted: | false |
SSDEEP: | |
MD5: | 82BC8F80BADC55712D76D405A73EEC2B |
SHA1: | 3696961E2A84A8F047C4E908674A477072CFD88C |
SHA-256: | DC32FD811C308D0A7AD6C637CDE6300CB99DAEF6A23C33A79902CB5DF7DD10D3 |
SHA-512: | 9B600B872BEC72F73A906CC8062B55EC316F4E520E7FB860F6A8BB10A02036776E2FFA83C19AFD5D258FE943A7CE492256B3CAB06D42F44032D08624699CEE5A |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 12-06-33-876.log
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16525 |
Entropy (8bit): | 5.353642815103214 |
Encrypted: | false |
SSDEEP: | |
MD5: | 91F06491552FC977E9E8AF47786EE7C1 |
SHA1: | 8FEB27904897FFCC2BE1A985D479D7F75F11CEFC |
SHA-256: | 06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB |
SHA-512: | A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29752 |
Entropy (8bit): | 5.415117259869283 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3A8CEE56B895634237D3B0A59B402088 |
SHA1: | 5F8303DBBECB88B27E8B4D04C5F70BE1C9718D77 |
SHA-256: | FABD6813BB24AD940DC1F106FFE0414E271C556BBF80B2AA27589511317C2CA5 |
SHA-512: | 6D6598A7EF3D1E92A2F697CFE1DCDC84982E6D2050244693E27169A5B321D35BA40A378AB17418328BF718402D93474B0085E2EBE59071C53AB179F769CA2386 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 7.948591496218067 |
TrID: |
File name: | 239492.pdf |
File size: | 29'817 bytes |
MD5: | a2cfec32ffd39ea08633e5ea6b969686 |
SHA1: | b0f6fcc50b5ae5ec44fc310ec192c4e912da5aa3 |
SHA256: | 98ce27481514e2c82eb1b8a3ad0e8afac196c2be193694e58c046f41bd634622 |
SHA512: | b57b1689435626ad1ee55241e97d5044f9e66489ee0bdd291aab19328b5664d59683c988b9c9cc99cdffd338d9602eac812cb279ccd8ab51ec2c540af1e38f4c |
SSDEEP: | 768:SMbC3MgZF3ZmLIGMZ0f5aEBF1PqkldGf7O:DbLg3ZmLIgqkldGfq |
TLSH: | 6AD2E108BD098ECDEAD4A383FB165137A42FBD8221C5D5852471E6C3298CF5B6E63A52 |
File Content Preview: | %PDF-1.4..5 0 obj..<<../Type /XObject../Subtype /Image../Filter /FlateDecode../Length 11205../Width 369../Height 166../BitsPerComponent 8../ColorSpace /DeviceRGB..>>..stream..x...y\U...i...e.Cj!.B*.2i..........Y...S.h.sN...3......"....2.)V^.*3.V.....{..9{ |
Icon Hash: | 62cc8caeb29e8ae0 |
General | |
---|---|
Header: | %PDF-1.4 |
Total Entropy: | 7.948591 |
Total Bytes: | 29817 |
Stream Entropy: | 7.987418 |
Stream Bytes: | 27282 |
Entropy outside Streams: | 5.165747 |
Bytes outside Streams: | 2535 |
Number of EOF found: | 1 |
Bytes after EOF: |
Name | Count |
---|---|
obj | 17 |
endobj | 17 |
stream | 5 |
endstream | 5 |
xref | 1 |
trailer | 1 |
startxref | 1 |
/Page | 1 |
/Encrypt | 0 |
/ObjStm | 0 |
/URI | 0 |
/JS | 0 |
/JavaScript | 0 |
/AA | 0 |
/OpenAction | 0 |
/AcroForm | 0 |
/JBIG2Decode | 0 |
/RichMedia | 0 |
/Launch | 0 |
/EmbeddedFile | 0 |